Merge pull request #8 from nasusoba/arc-iac-ikrrv
Initial Setup Iac Repository
nasusoba authored Nov 12, 2024
2 parents 772f877 + d0f5620 commit d9ee672
Showing 9 changed files with 160 additions and 44 deletions.
8 changes: 4 additions & 4 deletions .azure/backendTemplate.tf
@@ -1,10 +1,10 @@
terraform {
backend "azurerm" {
resource_group_name = "runyutestiac"
storage_account_name = "runyutestiacsa"
container_name = "runyutestiaccontainer"
resource_group_name = "hybrid-iac"
storage_account_name = "hybridiac"
container_name = "hybridiac"
key = "{{.GroupName}}.tfstate"
use_azuread_auth = true
subscription_id = "de3c4d5e-af08-451a-a873-438d86ab6f4b"
subscription_id = "bd7961c1-21fb-449a-afff-070bf4b4e500"
}
}
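Review bot: The backend block hard-codes `subscription_id` as a literal, while every workflow in this commit supplies the subscription through `ARM_SUBSCRIPTION_ID` from a secret, so the two values can drift apart without anyone noticing. The azurerm backend reads `ARM_SUBSCRIPTION_ID` when the argument is omitted, so the line could be dropped, or kept with a comment such as `# state lives in the shared IaC subscription, intentionally separate from the deployment subscription` if that is the intent. Because the workflows pass passwords and a service principal secret in as `TF_VAR_*`, the state blobs written under `{{.GroupName}}.tfstate` presumably contain them, so data access on that container should be limited to the deploying identity.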
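--- a/.azure/export.json
+++ b/.azure/export.json
@@ -0,0 +1,12 @@
+[
+{
+"resourceGroup": "/subscriptions/xxxx/resourceGroups/xxxx",
+"baseModulePath": "./modules/test",
+"groupPath": "./dev/lalla",
+"pathToUpdate": [
+"./dev",
+"./qa",
+"./prod"
+]
+}
+]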
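--- a/.github/workflows/deploy-infra.yml
+++ b/.github/workflows/deploy-infra.yml
@@ -0,0 +1,35 @@
+name: Terraform apply infra change
+
+on:
+push:
+branches: ["main"]
+workflow_dispatch:
+
+permissions:
+id-token: write
+contents: read
+
+jobs:
+dev:
+name: dev
+needs: []
+uses: ./.github/workflows/list-and-run.yml
+secrets: inherit
+with:
+directory: dev
+
+qa:
+name: qa
+needs: [dev]
+uses: ./.github/workflows/list-and-run.yml
+secrets: inherit
+with:
+directory: qa
+
+prod:
+name: prod
+needs: [dev,qa]
+uses: ./.github/workflows/list-and-run.yml
+secrets: inherit
+with:
+directory: prod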
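Review bot: All three jobs call list-and-run.yml with `secrets: inherit`, which hands every secret visible to this repository to the called workflow and on to site-cd-workflow.yml, and `prod` starts automatically once `dev` and `qa` finish on any push to `main`. site-cd-workflow.yml in this commit uses a single `environment: terraform` for every directory, so as far as these files show there is no separate approval or secret scope for production. Consider declaring the needed secrets under `on.workflow_call.secrets` in the called workflows and passing them by name, and selecting a per-stage environment so that `prod` can carry required reviewers. `needs: []` on `dev` is redundant and can be removed.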
25 changes: 11 additions & 14 deletions .github/workflows/export.yml
Expand Up @@ -22,19 +22,17 @@ env:
ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
ARM_USE_OIDC: true
TF_VAR_tenant: ${{ secrets.AZURE_TENANT_ID }}
TF_VAR_subscriptionId: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
TF_VAR_localAdminUser: ${{ secrets.localAdminUser }}
TF_VAR_localAdminPassword: ${{ secrets.localAdminPassword }}
TF_VAR_domainAdminUser: ${{ secrets.domainAdminUser }}
TF_VAR_domainAdminPassword: ${{ secrets.domainAdminPassword }}
TF_VAR_deploymentUserName: ${{ secrets.deploymentUserName }}
TF_VAR_deploymentUserPassword: ${{ secrets.deploymentUserPassword }}
TF_VAR_servicePrincipalId: ${{ secrets.servicePrincipalId }}
TF_VAR_servicePrincipalSecret: ${{ secrets.servicePrincipalSecret }}
TF_VAR_rpServicePrincipalObjectId: ${{ secrets.rpServicePrincipalObjectId }}
TF_VAR_vmAdminPassword: ${{ secrets.vmAdminPassword }}
TF_VAR_domainJoinPassword: ${{ secrets.domainJoinPassword }}
TF_VAR_subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
TF_VAR_hci_0_local_admin_user: ${{ secrets.localAdminUser }}
TF_VAR_hci_0_local_admin_password: ${{ secrets.localAdminPassword }}
TF_VAR_domain_admin_user: ${{ secrets.domainAdminUser }}
TF_VAR_domain_admin_password: ${{ secrets.domainAdminPassword }}
TF_VAR_hci_0_deployment_user_password: ${{ secrets.deploymentUserPassword }}
TF_VAR_hci_0_service_principal_id: ${{ secrets.servicePrincipalId }}
TF_VAR_hci_0_service_principal_secret: ${{ secrets.servicePrincipalSecret }}
TF_VAR_rp_service_principal_object_id: ${{ secrets.rpServicePrincipalObjectId }}
TF_VAR_vm_admin_password: ${{ secrets.vmAdminPassword }}
TF_VAR_domain_join_password: ${{ secrets.domainJoinPassword }}
HCI_RP_SP_ID: ${{ secrets.rpServicePrincipalObjectId }}

jobs:
Expand Down Expand Up @@ -112,4 +110,3 @@ jobs:
git add .
git commit -m "Export Azure resource into config"
git push
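Review bot: The renamed `TF_VAR_*` entries still sit in what appears to be the workflow-level `env:` block, so the admin passwords and `TF_VAR_hci_0_service_principal_secret` are exported to every step of every job, including the `git add` / `git commit` / `git push` step shown in the second hunk and any third-party action. Moving them to `env:` on the steps that actually run Terraform keeps them out of processes that do not need them. The same applies to the `env:` hunks in site-cd-workflow.yml and terraform-plan.yml. This hunk also drops `TF_VAR_tenant` and `TF_VAR_deploymentUserName` without a renamed replacement; if the configuration still declares those variables a non-interactive run will fail, so it is worth confirming they are gone from the modules.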
51 changes: 51 additions & 0 deletions .github/workflows/list-and-run.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@
name: List and Run

on:
workflow_call:
inputs:
directory:
required: true
type: string

jobs:
list:
runs-on: windows-latest
outputs:
matrix: ${{ steps.setTargets.outputs.matrix }}
apply: ${{ steps.setTargets.outputs.apply }}
steps:
# Checkout the repository to the GitHub Actions runner
- name: Checkout
uses: actions/checkout@v3

- name: List directory
id: setTargets
shell: pwsh
run: |
$inputDirectory = "${{ inputs.directory }}"
$fullPath = Join-Path $pwd ${{ inputs.directory }}
$sites = Get-ChildItem -Directory $fullPath
$array = @()
foreach ($site in $sites) {
$array += @{
'siteId' = $site.Name
'workingDirectory' = ($inputDirectory + '/' + $site.Name).Replace('\', '/')
}
}
$json = ConvertTo-Json -InputObject $array -Compress
echo "matrix=$json" >> $env:GITHUB_OUTPUT
$apply = if ($sites.Length -gt 0) { 'true' } else { 'false' }
echo "apply=$apply" >> $env:GITHUB_OUTPUT
apply:
needs: [list]
if: ${{ needs.list.outputs.apply == 'true' }}
strategy:
matrix:
site: ${{ fromJson(needs.list.outputs.matrix) }}
uses: ./.github/workflows/site-cd-workflow.yml
with:
working-directory: ${{ matrix.site.workingDirectory }}
secrets: inherit
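Review bot: `${{ inputs.directory }}` is expanded into the `pwsh` script text on both the `$inputDirectory` and the `$fullPath` line (the second one unquoted), so the value is parsed as PowerShell source instead of being treated as data. Today the callers pass the literals `dev`, `qa` and `prod`, but a reusable workflow should not depend on that; pass the input through `env:` and read it with `$env:` as sketched below. It would also help to reject a value that contains `..` or is a rooted path before calling `Get-ChildItem`. Separately, `actions/checkout@v3` is referenced by a movable tag rather than a commit SHA.

```yaml
- name: List directory
  id: setTargets
  shell: pwsh
  env:
    INPUT_DIRECTORY: ${{ inputs.directory }}
  run: |
    $inputDirectory = $env:INPUT_DIRECTORY
    $fullPath = Join-Path $pwd $inputDirectory
    # … unchanged: site enumeration and GITHUB_OUTPUT writes …
```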
4 changes: 3 additions & 1 deletion .github/workflows/scale.yml
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,8 @@ on:
permissions:
contents: write
id-token: write
pull-requests: write
issues: write

jobs:
scale:
Expand Down Expand Up @@ -68,4 +70,4 @@ jobs:
git add .
git commit -m "Scale more sites according to .azure/scale.csv"
git push
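Review bot: `pull-requests: write` and `issues: write` are added at workflow level next to `contents: write` and `id-token: write`, so every job in scale.yml receives a token that can push, edit pull requests and issues, and request an OIDC token. The only step visible in this section is the `git push` at the end of `scale`, which needs `contents: write` alone; whatever uses the new scopes lies outside the hunks. If only one job needs them, declare `permissions:` on that job instead, and add a comment such as `# required by <step name> to open the scale pull request` so the grant can be re-checked later.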
31 changes: 18 additions & 13 deletions .github/workflows/site-cd-workflow.yml
Original file line number Diff line number Diff line change
Expand Up @@ -16,21 +16,26 @@ env:
ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
ARM_USE_OIDC: true
TF_VAR_subscriptionId: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
TF_VAR_localAdminUser: ${{ secrets.localAdminUser }}
TF_VAR_localAdminPassword: ${{ secrets.localAdminPassword }}
TF_VAR_domainAdminUser: ${{ secrets.domainAdminUser }}
TF_VAR_domainAdminPassword: ${{ secrets.domainAdminPassword }}
TF_VAR_deploymentUserPassword: ${{ secrets.deploymentUserPassword }}
TF_VAR_servicePrincipalId: ${{ secrets.servicePrincipalId }}
TF_VAR_servicePrincipalSecret: ${{ secrets.servicePrincipalSecret }}
TF_VAR_rpServicePrincipalObjectId: ${{ secrets.rpServicePrincipalObjectId }}
TF_VAR_vmAdminPassword: ${{ secrets.vmAdminPassword }}
TF_VAR_domainJoinPassword: ${{ secrets.domainJoinPassword }}
TF_VAR_subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
TF_VAR_local_admin_user: ${{ secrets.localAdminUser }}
TF_VAR_hci_0_local_admin_user: ${{ secrets.localAdminUser }}
TF_VAR_local_admin_password: ${{ secrets.localAdminPassword }}
TF_VAR_hci_0_local_admin_password: ${{ secrets.localAdminPassword }}
TF_VAR_domain_admin_user: ${{ secrets.domainAdminUser }}
TF_VAR_domain_admin_password: ${{ secrets.domainAdminPassword }}
TF_VAR_deployment_user_password: ${{ secrets.deploymentUserPassword }}
TF_VAR_hci_0_deployment_user_password: ${{ secrets.deploymentUserPassword }}
TF_VAR_service_principal_id: ${{ secrets.servicePrincipalId }}
TF_VAR_hci_0_service_principal_id: ${{ secrets.servicePrincipalId }}
TF_VAR_service_principal_secret: ${{ secrets.servicePrincipalSecret }}
TF_VAR_hci_0_service_principal_secret: ${{ secrets.servicePrincipalSecret }}
TF_VAR_rp_service_principal_object_id: ${{ secrets.rpServicePrincipalObjectId }}
TF_VAR_vm_admin_password: ${{ secrets.vmAdminPassword }}
TF_VAR_domain_join_password: ${{ secrets.domainJoinPassword }}

jobs:
terraform:
name: "Terraform"
name: ${{ inputs.working-directory }}
# runs-on: [windows-latest]
runs-on: [self-hosted]
environment: terraform
Expand Down Expand Up @@ -114,4 +119,4 @@ jobs:
uses: Azure/IaC-Telemetry@main
with:
event-name: "apply-failure"
directory: ${{ inputs.working-directory }}
directory: ${{ inputs.working-directory }}
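Review bot: Each secret is now exported twice in the `env:` block, once as `TF_VAR_<name>` and once as `TF_VAR_hci_0_<name>`, with no comment saying which configuration reads which form; export.yml in this same commit sets only the `hci_0_` forms. Terraform does not report an error for a `TF_VAR_` value whose variable is not declared, so a stale or misspelled name here passes silently and the secret simply stays in the job environment unused. A short comment above the block, for example `# hci_0_* names are read by <module>; unprefixed names are kept for <module> until it is migrated`, would let a reviewer tell which half can be deleted. The same duplication is introduced in terraform-plan.yml.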
28 changes: 16 additions & 12 deletions .github/workflows/terraform-plan.yml
Original file line number Diff line number Diff line change
Expand Up @@ -15,17 +15,22 @@ env:
ARM_SUBSCRIPTION_ID: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
ARM_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
ARM_USE_OIDC: true
TF_VAR_subscriptionId: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
TF_VAR_localAdminUser: ${{ secrets.localAdminUser }}
TF_VAR_localAdminPassword: ${{ secrets.localAdminPassword }}
TF_VAR_domainAdminUser: ${{ secrets.domainAdminUser }}
TF_VAR_domainAdminPassword: ${{ secrets.domainAdminPassword }}
TF_VAR_deploymentUserPassword: ${{ secrets.deploymentUserPassword }}
TF_VAR_servicePrincipalId: ${{ secrets.servicePrincipalId }}
TF_VAR_servicePrincipalSecret: ${{ secrets.servicePrincipalSecret }}
TF_VAR_rpServicePrincipalObjectId: ${{ secrets.rpServicePrincipalObjectId }}
TF_VAR_vmAdminPassword: ${{ secrets.vmAdminPassword }}
TF_VAR_domainJoinPassword: ${{ secrets.domainJoinPassword }}
TF_VAR_subscription_id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
TF_VAR_local_admin_user: ${{ secrets.localAdminUser }}
TF_VAR_hci_0_local_admin_user: ${{ secrets.localAdminUser }}
TF_VAR_local_admin_password: ${{ secrets.localAdminPassword }}
TF_VAR_hci_0_local_admin_password: ${{ secrets.localAdminPassword }}
TF_VAR_domain_admin_user: ${{ secrets.domainAdminUser }}
TF_VAR_domain_admin_password: ${{ secrets.domainAdminPassword }}
TF_VAR_deployment_user_password: ${{ secrets.deploymentUserPassword }}
TF_VAR_hci_0_deployment_user_password: ${{ secrets.deploymentUserPassword }}
TF_VAR_service_principal_id: ${{ secrets.servicePrincipalId }}
TF_VAR_hci_0_service_principal_id: ${{ secrets.servicePrincipalId }}
TF_VAR_service_principal_secret: ${{ secrets.servicePrincipalSecret }}
TF_VAR_hci_0_service_principal_secret: ${{ secrets.servicePrincipalSecret }}
TF_VAR_rp_service_principal_object_id: ${{ secrets.rpServicePrincipalObjectId }}
TF_VAR_vm_admin_password: ${{ secrets.vmAdminPassword }}
TF_VAR_domain_join_password: ${{ secrets.domainJoinPassword }}

jobs:
provide_paths:
Expand Down Expand Up @@ -223,4 +228,3 @@ jobs:
- name: Terraform Plan Status
if: steps.plan.outcome == 'failure'
run: exit 1

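--- a/BUILD.bazel
+++ b/BUILD.bazel
@@ -0,0 +1,10 @@
+filegroup(
+name = "profilefiles-tar-files",
+srcs = glob(
+[
+"**",
+],
+exclude = ["BUILD.bazel"],
+),
+visibility = ["//visibility:public"],
+)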
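Review bot: `glob(["**"])` combined with `visibility = ["//visibility:public"]` puts every file of the package into `profilefiles-tar-files`, and the only exclusion is `BUILD.bazel`. Going by the target name this feeds a tarball, so anything that lands in the tree, such as local `*.tfstate` or `*.tfvars` files or a `.terraform/` directory, would presumably be shipped with it and be consumable by any other package. Listing the directories that are meant to be packaged, or extending the exclusion, e.g. `exclude = ["BUILD.bazel", "**/*.tfstate*", "**/*.tfvars", "**/.terraform/**"],`, keeps state and variable files out of the artifact.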
